Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
5
Merge Requests
5
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jérome Perrin
slapos
Commits
2481bc39
Commit
2481bc39
authored
May 03, 2022
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Convert to python3
Profiles and required scripts are converted to be python3 only compatible.
parent
1dd5d303
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
85 additions
and
65 deletions
+85
-65
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+8
-8
software/caddy-frontend/caddyprofiledummy.py
software/caddy-frontend/caddyprofiledummy.py
+7
-7
software/caddy-frontend/instance-apache-frontend.cfg.in
software/caddy-frontend/instance-apache-frontend.cfg.in
+13
-8
software/caddy-frontend/instance-apache-replicate.cfg.in
software/caddy-frontend/instance-apache-replicate.cfg.in
+12
-12
software/caddy-frontend/instance-kedifa.cfg.in
software/caddy-frontend/instance-kedifa.cfg.in
+19
-9
software/caddy-frontend/instance.cfg.in
software/caddy-frontend/instance.cfg.in
+2
-1
software/caddy-frontend/software.cfg
software/caddy-frontend/software.cfg
+0
-1
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+16
-11
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
...tend/templates/replicate-publish-slave-information.cfg.in
+7
-7
software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
...rontend/templates/slave-introspection-httpd-nginx.conf.in
+1
-1
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
2481bc39
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
051ae51b86f9aba169a6777fa2239901
md5sum =
f1f04e7f27bc6e40a655dd4badb2a8af
[profile-common]
[profile-common]
filename = instance-common.cfg.in
filename = instance-common.cfg.in
...
@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
...
@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
filename = instance-apache-frontend.cfg.in
md5sum =
1e912fb970401a4b7670b25ba8284a5b
md5sum =
874133120f3a4eda1d0505b8608b280f
[profile-caddy-replicate]
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
filename = instance-apache-replicate.cfg.in
md5sum =
57388e76c7e61b3d7213df8aac0b407d
md5sum =
02a10d92d2b0e270454998cf865b6895
[profile-slave-list]
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum =
964a7f673f441f3a3e90c88ab03e3351
md5sum =
268a945e5c7a52c8766b54a817215c4c
[profile-replicate-publish-slave-information]
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = b
e54431846fe7f3cee65260eefc83d62
md5sum = b
3422f3624054f57b78d0e50a0de399a
[profile-caddy-frontend-configuration]
[profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in
_update_hash_filename_ = templates/Caddyfile.in
...
@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
...
@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
[caddyprofiledeps-dummy]
[caddyprofiledeps-dummy]
filename = caddyprofiledummy.py
filename = caddyprofiledummy.py
md5sum =
b41b8de115ad815d0b0db306ad650365
md5sum =
1c866272ec0ea0c161f0c0d80cb6e584
[profile-kedifa]
[profile-kedifa]
filename = instance-kedifa.cfg.in
filename = instance-kedifa.cfg.in
md5sum =
b5426129668f39ace55f14012c4a2fd2
md5sum =
2f1c9cc9a3d2f4c6ac59eba5a99d4983
[template-backend-haproxy-rsyslogd-conf]
[template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
...
@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
...
@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
[template-slave-introspection-httpd-nginx]
[template-slave-introspection-httpd-nginx]
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
md5sum =
3067e6ba6c6901821d57d2109517d39c
md5sum =
b79addf01b6fb93c2f3d018e83eff766
[template-expose-csr-nginx-conf]
[template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
...
...
software/caddy-frontend/caddyprofiledummy.py
View file @
2481bc39
from
__future__
import
print_function
import
caucase.client
import
caucase.client
import
caucase.utils
import
caucase.utils
import
os
import
os
import
ssl
import
ssl
import
sys
import
sys
import
urllib
import
urllib
.request
,
urllib
.
parse
,
urllib
.
error
import
urlparse
import
url
lib.
parse
from
cryptography
import
x509
from
cryptography
import
x509
from
cryptography.hazmat.primitives
import
serialization
from
cryptography.hazmat.primitives
import
serialization
...
@@ -24,7 +24,7 @@ class Recipe(object):
...
@@ -24,7 +24,7 @@ class Recipe(object):
def
validate_netloc
(
netloc
):
def
validate_netloc
(
netloc
):
# a bit crazy way to validate that the passed parameter is haproxy
# a bit crazy way to validate that the passed parameter is haproxy
# compatible server netloc
# compatible server netloc
parsed
=
urlparse
.
urlparse
(
'scheme://'
+
netloc
)
parsed
=
url
lib
.
parse
.
urlparse
(
'scheme://'
+
netloc
)
if
':'
in
parsed
.
hostname
:
if
':'
in
parsed
.
hostname
:
hostname
=
'[%s]'
%
parsed
.
hostname
hostname
=
'[%s]'
%
parsed
.
hostname
else
:
else
:
...
@@ -33,7 +33,7 @@ def validate_netloc(netloc):
...
@@ -33,7 +33,7 @@ def validate_netloc(netloc):
def
_check_certificate
(
url
,
certificate
):
def
_check_certificate
(
url
,
certificate
):
parsed
=
urlparse
.
urlparse
(
url
)
parsed
=
url
lib
.
parse
.
urlparse
(
url
)
got_certificate
=
ssl
.
get_server_certificate
((
parsed
.
hostname
,
parsed
.
port
))
got_certificate
=
ssl
.
get_server_certificate
((
parsed
.
hostname
,
parsed
.
port
))
if
certificate
.
strip
()
!=
got_certificate
.
strip
():
if
certificate
.
strip
()
!=
got_certificate
.
strip
():
raise
ValueError
(
'Certificate for %s does not match expected one'
%
(
url
,))
raise
ValueError
(
'Certificate for %s does not match expected one'
%
(
url
,))
...
@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
...
@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
self_signed
=
ssl
.
create_default_context
()
self_signed
=
ssl
.
create_default_context
()
self_signed
.
check_hostname
=
False
self_signed
.
check_hostname
=
False
self_signed
.
verify_mode
=
ssl
.
CERT_NONE
self_signed
.
verify_mode
=
ssl
.
CERT_NONE
return
urllib
.
urlopen
(
url
,
context
=
self_signed
).
read
()
return
urllib
.
request
.
urlopen
(
url
,
context
=
self_signed
).
read
().
decode
()
def
_get_caucase_client
(
ca_url
,
ca_crt
,
user_key
):
def
_get_caucase_client
(
ca_url
,
ca_crt
,
user_key
):
...
@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
...
@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
number_list
=
set
([])
number_list
=
set
([])
for
csr
in
csr_list
:
for
csr
in
csr_list
:
number_list
.
add
(
number_list
.
add
(
x509
.
load_pem_x509_csr
(
str
(
csr
)).
public_key
().
public_numbers
())
x509
.
load_pem_x509_csr
(
csr
.
encode
(
)).
public_key
().
public_numbers
())
return
len
(
number_list
)
==
1
return
len
(
number_list
)
==
1
...
...
software/caddy-frontend/instance-apache-frontend.cfg.in
View file @
2481bc39
...
@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
...
@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
init =
init =
import hashlib
import hashlib
import base64
import base64
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])
).digest()
)
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])
.encode()).digest()).decode(
)
[frontend-node-information]
[frontend-node-information]
recipe = slapos.recipe.build
recipe = slapos.recipe.build
...
@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random}
...
@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random}
extra-context =
extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration
key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url
key backend_client_caucase_url :backend-client-caucase-url
import urlparse_module urlparse
import furl_module furl
import furl_module furl
import urllib_module urllib
import urllib_module urllib
import operator_module operator
key master_key_download_url :master_key_download_url
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
key caddy_log_directory caddy-directory:slave-log
...
@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
...
@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
# BBB: SlapOS Master non-zero knowledge BEGIN
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
[get-self-signed-fallback-access]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${self-signed-fallback-access:certificate}
certificate = cat ${self-signed-fallback-access:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[apache-certificate]
[apache-certificate]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -1066,7 +1071,7 @@ config-command =
...
@@ -1066,7 +1071,7 @@ config-command =
${logrotate:wrapper-path} -d
${logrotate:wrapper-path} -d
[configuration]
[configuration]
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if key.startswith('configuration.') %}
{%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{%- endif -%}
...
@@ -1076,13 +1081,13 @@ config-command =
...
@@ -1076,13 +1081,13 @@ config-command =
{#- There are dangerous keys like recipe, etc #}
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endif -%}
{%- endif -%}
{%- endfor %}
{%- endfor %}
[software-parameter-section]
[software-parameter-section]
{%- for key, value in software_parameter_dict.ite
rite
ms() %}
{%- for key, value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endfor %}
{%- endfor %}
software/caddy-frontend/instance-apache-replicate.cfg.in
View file @
2481bc39
...
@@ -129,7 +129,7 @@ context =
...
@@ -129,7 +129,7 @@ context =
{% set config_key = "-frontend-config-%s-" % i %}
{% set config_key = "-frontend-config-%s-" % i %}
{% set config_key_length = config_key | length %}
{% set config_key_length = config_key | length %}
{% set config_dict = {} %}
{% set config_dict = {} %}
{% for key in
slapparameter_dict.keys(
) %}
{% for key in
list(slapparameter_dict.keys()
) %}
{% if key.startswith(sla_key) %}
{% if key.startswith(sla_key) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend
# We check for specific configuration regarding the frontend
...
@@ -164,7 +164,7 @@ context =
...
@@ -164,7 +164,7 @@ context =
{% set critical_rejected_slave_dict = {} %}
{% set critical_rejected_slave_dict = {} %}
{% set warning_slave_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %}
{% set used_host_list = [] %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list']) %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list']
, key=operator_module.itemgetter('slave_reference')
) %}
{% set slave_error_list = [] %}
{% set slave_error_list = [] %}
{% set slave_critical_error_list = [] %}
{% set slave_critical_error_list = [] %}
{% set slave_warning_list = [] %}
{% set slave_warning_list = [] %}
...
@@ -278,7 +278,7 @@ context =
...
@@ -278,7 +278,7 @@ context =
{% if k in slave %}
{% if k in slave %}
{% set crt = slave.get(k, '') %}
{% set crt = slave.get(k, '') %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(crt) %}
{% do check_popen.communicate(crt
.encode()
) %}
{% if check_popen.returncode != 0 %}
{% if check_popen.returncode != 0 %}
{% do slave_error_list.append('%s is invalid' % (k,)) %}
{% do slave_error_list.append('%s is invalid' % (k,)) %}
{% endif %}
{% endif %}
...
@@ -296,8 +296,8 @@ context =
...
@@ -296,8 +296,8 @@ context =
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set key_modulus = key_popen.communicate(slave['ssl_key']
.encode()
)[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt']
.encode()
)[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
...
@@ -334,7 +334,7 @@ context =
...
@@ -334,7 +334,7 @@ context =
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% do authorized_slave_list.sort() %}
{% do authorized_slave_list.sort(
key=operator_module.itemgetter('slave_reference')
) %}
[monitor-instance-parameter]
[monitor-instance-parameter]
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
...
@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
...
@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{% for section, frontend_request in request_dict.ite
rite
ms() %}
{% for section, frontend_request in request_dict.items() %}
{% set state = frontend_request.get('state', '') %}
{% set state = frontend_request.get('state', '') %}
[{{section}}]
[{{section}}]
<= replicate
<= replicate
...
@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
...
@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in node_configuration_dict.ite
rite
ms() %}
{%- for config_key, config_value in node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{% endfor -%}
{%- for config_key, config_value in base_node_configuration_dict.ite
rite
ms() %}
{%- for config_key, config_value in base_node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{% endfor -%}
{% if frontend_request.get('sla') %}
{% if frontend_request.get('sla') %}
{% for parameter, value in frontend_request.get('sla').ite
rite
ms() %}
{% for parameter, value in frontend_request.get('sla').items() %}
sla-{{ parameter }} = {{ value }}
sla-{{ parameter }} = {{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
...
@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
...
@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{% set software_url_key = "-kedifa-software-release-url" %}
{% set software_url_key = "-kedifa-software-release-url" %}
{% if s
lapparameter_dict.has_key(software_url_key)
%}
{% if s
oftware_url_key in slapparameter_dict
%}
software-url = {{ slapparameter_dict.pop(software_url_key) }}
software-url = {{ slapparameter_dict.pop(software_url_key) }}
{% else %}
{% else %}
software-url = ${slap-connection:software-release-url}
software-url = ${slap-connection:software-release-url}
...
@@ -499,7 +499,7 @@ name = kedifa
...
@@ -499,7 +499,7 @@ name = kedifa
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
{% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% for key in
slapparameter_dict.keys(
) %}
{% for key in
list(slapparameter_dict.keys()
) %}
{% if key.startswith(sla_kedifa_key) %}
{% if key.startswith(sla_kedifa_key) %}
sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
{% endif %}
{% endif %}
...
...
software/caddy-frontend/instance-kedifa.cfg.in
View file @
2481bc39
...
@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
...
@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[jinja2-template-base]
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -259,10 +264,8 @@ command =
...
@@ -259,10 +264,8 @@ command =
update-command = ${:command}
update-command = ${:command}
[{{ slave_reference }}-auth-random]
[{{ slave_reference }}-auth-random]
recipe = collective.recipe.shelloutput
<= auth-random
file = {{ '${' + slave_reference }}-auth-random-generate:file}
file = {{ '${' + slave_reference }}-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
{% endfor %}
{% endfor %}
...
@@ -273,11 +276,18 @@ command =
...
@@ -273,11 +276,18 @@ command =
[ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
[ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
update-command = ${:command}
update-command = ${:command}
[auth-random]
recipe = slapos.recipe.build
init =
import os
options['passwd'] = 'NotReadyYet'
if os.path.exists(options['file']):
with open(options['file'], 'r') as fh:
options['passwd'] = fh.read()
[master-auth-random]
[master-auth-random]
recipe = collective.recipe.shelloutput
<= auth-random
file = ${master-auth-random-generate:file}
file = ${master-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
[slave-kedifa-information]
[slave-kedifa-information]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
...
...
software/caddy-frontend/instance.cfg.in
View file @
2481bc39
...
@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
...
@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
kedifa = dynamic-profile-kedifa:output
kedifa = dynamic-profile-kedifa:output
[software-parameter-section]
[software-parameter-section]
{% for key,value in software_parameter_dict.ite
rite
ms() %}
{% for key,value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{% endfor -%}
{% endfor -%}
...
@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
...
@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
extra-context =
extra-context =
import subprocess_module subprocess
import subprocess_module subprocess
import functools_module functools
import functools_module functools
import operator_module operator
import validators validators
import validators validators
import caddyprofiledummy caddyprofiledummy
import caddyprofiledummy caddyprofiledummy
# Must match the key id in [switch-softwaretype] which uses this section.
# Must match the key id in [switch-softwaretype] which uses this section.
...
...
software/caddy-frontend/software.cfg
View file @
2481bc39
...
@@ -60,7 +60,6 @@ recipe = zc.recipe.egg
...
@@ -60,7 +60,6 @@ recipe = zc.recipe.egg
eggs =
eggs =
caddyprofiledeps
caddyprofiledeps
websockify
websockify
collective.recipe.shelloutput
[profile-common]
[profile-common]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
...
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
2481bc39
...
@@ -52,13 +52,13 @@ context =
...
@@ -52,13 +52,13 @@ context =
{#- * setup defaults to simplify other profiles #}
{#- * setup defaults to simplify other profiles #}
{#- * stabilise values for backend #}
{#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = url
parse_modul
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set parsed = url
lib_module.pars
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- set parsed = url
parse_modul
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set parsed = url
lib_module.pars
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = slave_instance[prefix] %}
{%- set info_dict = slave_instance[prefix] %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
...
@@ -189,7 +189,7 @@ context =
...
@@ -189,7 +189,7 @@ context =
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(path = slave_reference + '/') %}
{%- do furled.set(path = slave_reference + '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set slave_log_access_url = url
parse_modul
e.unquote(furled.tostr()) %}
{%- set slave_log_access_url = url
lib_module.pars
e.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
...
@@ -212,7 +212,7 @@ context =
...
@@ -212,7 +212,7 @@ context =
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- set websocket_path = urllib_module.
parse.
unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endif %}
...
@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
...
@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
node-id = {{ node_id }}
{%- for key, value in slave_instance.ite
rite
ms() %}
{%- for key, value in slave_instance.items() %}
{%- if value is not none %}
{%- if value is not none %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endif %}
{%- endif %}
...
@@ -383,7 +383,7 @@ config-frequency = 720
...
@@ -383,7 +383,7 @@ config-frequency = 720
{%- do part_list.append(publish_section_title) %}
{%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}]
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
recipe = slapos.cookbook:publish
{%- for key, value in slave_publish_dict.ite
rite
ms() %}
{%- for key, value in slave_publish_dict.items() %}
{{ key }} = {{ value }}
{{ key }} = {{ value }}
{%- endfor %}
{%- endfor %}
{%- else %}
{%- else %}
...
@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
...
@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
{%- do furled.set(path = '/') %}
{%- do furled.set(path = '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set statistic_url = url
parse_modul
e.unquote(furled.tostr()) %}
{%- set statistic_url = url
lib_module.pars
e.unquote(furled.tostr()) %}
backend-haproxy-statistic-url = {{ statistic_url }}
backend-haproxy-statistic-url = {{ statistic_url }}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
...
@@ -503,7 +503,7 @@ output = ${:file}
...
@@ -503,7 +503,7 @@ output = ${:file}
< = jinja2-template-base
< = jinja2-template-base
url = {{ template_backend_haproxy_configuration }}
url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file}
output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list)) }}
backend_slave_list = {{ dumps(sorted(backend_slave_list
, key=operator_module.itemgetter('slave_reference')
)) }}
extra-context =
extra-context =
key backend_slave_list :backend_slave_list
key backend_slave_list :backend_slave_list
section configuration backend-haproxy-config
section configuration backend-haproxy-config
...
@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
...
@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[promise-logrotate-setup]
[promise-logrotate-setup]
<= monitor-promise-base
<= monitor-promise-base
...
...
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
View file @
2481bc39
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
{% set slave_information_dict = {} %}
{% set slave_information_dict = {} %}
# regroup slave information from all frontends
# regroup slave information from all frontends
{% for frontend, slave_list_raw in slave_information.ite
rite
ms() %}
{% for frontend, slave_list_raw in slave_information.items() %}
{% if slave_list_raw %}
{% if slave_list_raw %}
{% set slave_list = json_module.loads(slave_list_raw) %}
{% set slave_list = json_module.loads(slave_list_raw) %}
{% else %}
{% else %}
...
@@ -27,21 +27,21 @@
...
@@ -27,21 +27,21 @@
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].ite
rite
ms() %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% endfor %}
{% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].ite
rite
ms() %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% endfor %}
{% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).ite
rite
ms() %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).items() %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
...
@@ -54,7 +54,7 @@
...
@@ -54,7 +54,7 @@
# Publish information for each slave
# Publish information for each slave
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
{% for slave_reference, slave_information in slave_information_dict.ite
rite
ms() %}
{% for slave_reference, slave_information in slave_information_dict.items() %}
{# Filter out destroyed, so not existing anymore, slaves #}
{# Filter out destroyed, so not existing anymore, slaves #}
{# Note: This functionality is not yet covered by tests, please modify with care #}
{# Note: This functionality is not yet covered by tests, please modify with care #}
{% if slave_reference in active_slave_instance_list %}
{% if slave_reference in active_slave_instance_list %}
...
@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
...
@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
{% endif %}
{% endif %}
{% for key, value in slave_information.ite
rite
ms() %}
{% for key, value in slave_information.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
{% for frontend_key, frontend_value in frontend_information.ite
rite
ms() %}
{% for frontend_key, frontend_value in frontend_information.items() %}
{{ frontend_key }} = {{ frontend_value }}
{{ frontend_key }} = {{ frontend_value }}
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
...
...
software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
View file @
2481bc39
...
@@ -23,7 +23,7 @@ http {
...
@@ -23,7 +23,7 @@ http {
fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
scgi_temp_path {{ parameter_dict['var'] }} 1 2;
scgi_temp_path {{ parameter_dict['var'] }} 1 2;
{% for slave, directory in slave_log_directory.ite
rite
ms() %}
{% for slave, directory in slave_log_directory.items() %}
location /{{ slave }} {
location /{{ slave }} {
alias {{ directory }};
alias {{ directory }};
autoindex on;
autoindex on;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment